A lab environment for replicating and exploring the vulnerabilities and exploits documented in the PeckShield audit of SushiSwap v1.0, as well as performing advanced fuzzing and invariant testing on its Uniswap V2-based AMM core.
This project is a port of the original SushiSwap v1 contracts (commit 180bc9b) from sushiswap/sushiswap to Solidity 0.8.25, enabling modern testing frameworks and security validation tools.
The lab provides a reproducible environment to:
- Replicate historical vulnerabilities described in public audits
- Validate patched code and security mitigations
- Develop proof-of-concept (PoC) exploits
- Perform stateful and stateless fuzz testing
- Conduct mutation testing and differential testing against reference implementations
src/contracts/— ported and patched SushiSwap v1 contractstest/— tests replicating audit findings and exploitsmocks/— supporting mock contracts for testsscripts/— deployment or migration scripts
Contributions are welcome. If you plan to add fuzz tests, PoC exploits, or new invariants, please open an issue or pull request to discuss. Follow Solidity best practices and clearly document any security-relevant findings or modifications.
- Original SushiSwap contracts: WTFPL
- Portions derived from Uniswap V2: GPLv3
- Your contributions: choose your license or inherit the above
See the NOTICE file for detailed attribution.